6f5b3f5cd79f3fc5b1b6a626e3e2613422d88d9840eaa58558568ef980b0049a

Analysis

max time kernel
141s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
06/04/2024, 01:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9d8a2aac4e2ef6f0052c937a41b0eb906ebf2c53b8f5891e18ae4b38f2e58cdf.exe
Size

9.7MB
MD5

4ff62f046bd8df1267875379ac0d9c47
SHA1

2ca1c79eb8ba8f2e0552414b58a551f0bd9e7151
SHA256

9d8a2aac4e2ef6f0052c937a41b0eb906ebf2c53b8f5891e18ae4b38f2e58cdf
SHA512

dbb250ce3d573f75ef61c1dc2fefd479c6cc1a643c95873c985426ef8fe6568fd1cafd88d0f48dbc930518c755e238d208304ce0ec8851a44b250ed9e98ca951
SSDEEP

98304:UXLSxXFGIkfBCdHapq6xK1+uHkze7cvtxdVX+B6EHBTFz01HRrs/nWTIoRI:UeFxAcYqv1+7zXE1K1xQaDRI

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	9d8a2aac4e2ef6f0052c937a41b0eb906ebf2c53b8f5891e18ae4b38f2e58cdf.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	9d8a2aac4e2ef6f0052c937a41b0eb906ebf2c53b8f5891e18ae4b38f2e58cdf.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	9d8a2aac4e2ef6f0052c937a41b0eb906ebf2c53b8f5891e18ae4b38f2e58cdf.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	9d8a2aac4e2ef6f0052c937a41b0eb906ebf2c53b8f5891e18ae4b38f2e58cdf.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	9d8a2aac4e2ef6f0052c937a41b0eb906ebf2c53b8f5891e18ae4b38f2e58cdf.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	9d8a2aac4e2ef6f0052c937a41b0eb906ebf2c53b8f5891e18ae4b38f2e58cdf.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2368	9d8a2aac4e2ef6f0052c937a41b0eb906ebf2c53b8f5891e18ae4b38f2e58cdf.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2368	9d8a2aac4e2ef6f0052c937a41b0eb906ebf2c53b8f5891e18ae4b38f2e58cdf.exe

C:\Users\Admin\AppData\Local\Temp\9d8a2aac4e2ef6f0052c937a41b0eb906ebf2c53b8f5891e18ae4b38f2e58cdf.exe
"C:\Users\Admin\AppData\Local\Temp\9d8a2aac4e2ef6f0052c937a41b0eb906ebf2c53b8f5891e18ae4b38f2e58cdf.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\settings.ini

Filesize
62B

MD5
2c15d56c10c83e6a83458cfd4daa4255

SHA1
1af59a5b673153a54719fca33248da191c0286eb

SHA256
7d647ac9a7173a4187318ce9ca47556c3660312177684201de9cae4c0de34625

SHA512
51e63384a5cd6f57336dbdaf23737641ce7204d0ab677f75ec5783e5fe4561a4834752645cd6163a285a5eab63d09794df93571cafc0d735db07a348d544f827

Download Submit
memory/2368-0-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2368-17-0x0000000000400000-0x0000000000E29000-memory.dmp

Filesize
10.2MB

Download
memory/2368-19-0x0000000000400000-0x0000000000E29000-memory.dmp

Filesize
10.2MB

Download
memory/2368-20-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2368-22-0x0000000000400000-0x0000000000E29000-memory.dmp

Filesize
10.2MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads